#!/bin/bash

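# Reset the nat, mangle, filter and raw tables to an empty, all-ACCEPT state
# so the rules below are built on a clean slate.
#
# The absolute /sbin/iptables path is used here, matching the rule section of
# this script. With a bare "iptables", a restricted PATH (e.g. under cron)
# would make the reset fail while the later /sbin/iptables rules still ran,
# appending them on top of the old, un-flushed ruleset.
#
# NOTE(review): from this point until the final "-P INPUT DROP" the host
# accepts all inbound traffic. FORWARD and OUTPUT are left at ACCEPT and are
# not tightened anywhere in this script. ip6tables is not touched either, so
# IPv6 filtering (if the host has IPv6 addresses) must be handled separately.

#######################################
# Flush one table, delete its user-defined chains and set the listed
# built-in chains to policy ACCEPT.
# Arguments: $1 - table name; $2.. - built-in chains of that table
#######################################
reset_table() {
  local table=$1 chain
  shift
  /sbin/iptables -t "$table" -F   # remove every rule in the table
  /sbin/iptables -t "$table" -X   # remove every user-defined chain
  for chain in "$@"; do
    /sbin/iptables -t "$table" -P "$chain" ACCEPT
  done
}

# Same table order and per-table chain order as before; "filter" is the table
# iptables uses when -t is omitted.
reset_table nat PREROUTING POSTROUTING OUTPUT
reset_table mangle PREROUTING INPUT FORWARD OUTPUT POSTROUTING
reset_table filter FORWARD INPUT OUTPUT
reset_table raw PREROUTING OUTPUT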

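# Inbound (INPUT chain) allow-list. Every rule is an ACCEPT; anything that
# matches none of them is dropped by the chain policy set at the end.

# Disabled on purpose: accepting everything that arrives on eth0 would make
# the DROP policy meaningless for that interface.
#/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT                   # loopback

# DNS: no dedicated rule. Replies to this host's own queries are admitted by
# the ESTABLISHED,RELATED rule below. The former
# "-p udp --sport 53 -j ACCEPT" matched on the sender-chosen source port, so
# it accepted UDP to every local port from any peer; it has been removed.

/sbin/iptables -A INPUT -p icmp -j ACCEPT                 # ping (all ICMP types)
# Inbound NTP. Only required if this host serves time; replies to its own
# NTP queries are already covered by the ESTABLISHED,RELATED rule.
/sbin/iptables -A INPUT -p udp --dport 123 -j ACCEPT      # ntp
# Return traffic for connections this host initiated (or related to them).
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Services reachable from ANY source address.
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT       # ssh
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT       # web
# Purpose of 8543 is not stated here (TODO confirm); it is also inside the
# 7000:9000 range accepted further down.
/sbin/iptables -A INPUT -p tcp --dport 8543 -j ACCEPT
# NOTE(review): 3306 is the registered MySQL port and 137-139/445 are
# NetBIOS/SMB. These rules expose them to every source address. If they are
# only used from the internal network, they are redundant with the
# 10.104.0.0-10.104.255.255 rule below and can be dropped or restricted with
# a source match.
/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT

# Fully trusted range: every protocol and port is accepted from these sources.
/sbin/iptables -A INPUT -m iprange --src-range 10.104.0.0-10.104.255.255 -j ACCEPT

# 2001 TCP ports open to any source; narrow to the ports actually in use
# where possible.
/sbin/iptables -A INPUT -p tcp --dport 7000:9000 -j ACCEPT #game


# Default-deny for inbound traffic. Set last so the ssh rule is already in
# place when the policy takes effect.
/sbin/iptables -P INPUT DROP
# Ask the iptables init script to persist the running ruleset.
/sbin/service iptables save

# Print the resulting filter table with packet/byte counters for review.
/sbin/iptables -vnL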
